Wolf!

Thursday, 5 May 2011

Now I am seeing evidence that the next target is OS X. That’s
potentially very bad news for Mac owners who have abandoned their
PCs in the belief that switching to a Mac somehow immunizes them
from malware.

Security experts know, of course, that there’s nothing
magical about Macs when it comes to security. They just
haven’t been targeted because Windows has been such a big
juicy target for so long.

But now that Macs have achieved a critical mass of success in the
marketplace, they’ve attracted the attention of malware authors.
According to a report from a Danish IT security company, an
underground group has completed work on a fully operational kit
specifically designed to build malware aimed at the Mac OS
platform.

The McAfee report explains, “McAfee Labs saw malware of
increasing sophistication that targets Mac this year; we expect
this trend to increase in 2011. The popularity of iPads and
iPhones in business environments and the easy portability of
malicious code between them could put many users and businesses at
risk next year and beyond,” adding “We anticipate threats of
data and identity exposure will become more pronounced.” […]

If McAfee is right, 2011 could be a bittersweet year for Apple and
Apple fans.

A bunch of Russian hackers are offering 43 cents for each Mac that
their partners in crime can infect with bogus video software. The
move has been cited by insecurity experts at Sophos as a sign that
Mac users’ security by obscurity days are coming to an end. […]

This is because most Mac users believe that faith in Steve Jobs
protects them from all malware. To them, malware is only for
Windows users because OS X is perfect and totally secure. The fact
that Mac OS X’s security is the stuff of jokes at security
experts’ parties does not matter to the Apple faithful.

The company [Sophos] reports today that two new Mac-ware Trojans that
emerged in February and June ought to shake Mac users of their
misconceptions that their computers (and, eventually, iPods and
iPhones) are impenetrable. To put this in perspective, the first
really pernicious piece of Mac malware emerged only in October,
2007, Mr Cluley adds, suggesting that a worrisome trend is about
to get worse.

Just as those living in shiny houses of self-righteous glass often
end up surrounded by shards of their former sanctimony, so Apple
Inc. now finds itself the increasingly appealing target of
software hackers.

It’s not often that an analyst covering computer security
issues tells you that he doesn’t do much to protect his
systems. But one reputable analyst I know said just that as we
talked about the rising threat of malware aimed at Apple’s
hardware. I won’t mention his name, but the gentleman is dead
wrong. The days when you can assume that Apple’s products are
exempt from harm are over.

Evron sees more problems for Apple users than just new Trojans
that try to trick users. Hackers will find it profitable and all
too easy to find holes in Apple software, because the company
hasn’t paid sufficient attention to security, said Evron. He
predicts Apple will experience a full-range of attacks, just as
Microsoft did a decade ago when Windows machines and the internet
first met.

With Apple’s announcement Monday that it shipped 1.12 million
iPhones in the three months after its launch, the gadget’s
apparent popularity rivals some PCs. That has security experts
warning of trouble, following revelations that Apple built the
iPhone’s firmware on the same flawed security model that took
rival Microsoft a decade to eliminate from Windows.

“It really is an example of ‘those who don’t learn from history
are condemned to repeat it’,” says Dan Geer, vice president and
chief scientist at security firm Verdasys.

Apple computers have long been prized for being virus-free. But as
more people use Apple products, experts say the company is
increasingly becoming a target for cyber pranksters and criminals
writing viruses and other forms of malware.

But that may all be about to change. The number of newly
discovered Mac OS X vulnerabilities has surged by more than 220
percent (annualized) from 2003 to 2005. Compare that to an 80
percent increase in the number of Windows vulnerabilities.

Of course, McAfee is in the business of selling antivirus
software, so it’s important to take its reports with a grain of
salt (as with any antivirus vendor).

While Microsoft’s vulnerabilities might let intruders into the
castle, Apple is giving them the keys to the kingdom and rolling
out the welcome mat.

Apple also happens to make the world’s most popular music devices:
iPods. Essentially large hard drives, they also have the potential
to deliver all kinds of security threats into any environment,
even Windows. Once a virus infiltrates the iPod, plug and play
becomes plug and plague. Did anyone really believe the security
nirvana for Apple would last? It’s now more vulnerable than ever,
and things can only get worse.

Symantec’s concerns were echoed by James Turner, security analyst
at Frost & Sullivan Australia, who said many of the people who
bought Apple products were not concerned about security, which
left them wide open to attack.

“The iPod, PowerBooks and mini Macs are cool products,” Turner
said. “The by-product is that people are buying these products for
form over function. They say it looks pretty and then buy it but
don’t secure it. As Apple increases its market share, it will be a
legitimate target”.

The Apple community has, since its inception, been largely immune
to nefarious hackers bent on spreading harm. If you are a Windows
user, as I am, you know the routine. You complain about the latest
spyware or virus attack, and Apple devotees respond with
good-natured teasing — they don’t have worry about such
nonsense. Well, now they do.

Predictably, posts on various Apple-related message boards have
been offering varying levels of concern, ranging from mild
disappointment to utter gloom. I think this reaction is
fundamentally misguided. MAC users should not be upset about this
malware news; they should rejoice.